Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=v1.5 2018-06-12T21:07:42+00:00 2018-06-12T21:07:42+00:00 Jakob Unterwurzacher 2018-06-10T17:30:10+00:00 urn:sha1:009cc0ae8be9322e4c5b10050db3eb0495c674e6 Also update the performance numbers. I see some slowdown, reason is not yet clear, but nothing to block the release. 2018-06-12T21:05:53+00:00 Jakob Unterwurzacher 2018-06-12T20:59:00+00:00 urn:sha1:e925e1b78e6fb0bb22bd7963b9b45b4fa6fc4695 Gopkg.toml was emptied out by commit c3e12b5e68637 which seemed to work fine at the time. It turns out that, in absence of a branch = "master" constraint, dep will use the last tag. We want latest master, as this is what "go get" fetches, and hence what Travis uses for testing. 2018-06-12T21:05:53+00:00 Jakob Unterwurzacher 2018-06-12T19:07:00+00:00 urn:sha1:bfa50517e9b0b3afe98084cc9ba105caba45b540 Reading system.posix_acl_access and system.posix_acl_default should return EOPNOTSUPP to inform user-space that we do not support ACLs. xftestest essientially does chacl -l | grep "Operation not supported" to determine if the filesystem supports ACLs, and used to wrongly believe that gocryptfs does. 2018-06-07T22:47:48+00:00 Jakob Unterwurzacher 2018-06-07T22:47:48+00:00 urn:sha1:bde7ba57b06eb46f8901454e12524a74a8c3b6e8 Define our own, with the value from Linux. 2018-06-07T22:03:23+00:00 Jakob Unterwurzacher 2018-06-07T22:03:23+00:00 urn:sha1:5ad26495fc86527bbfe75ac6b46528d49a373676 Don't dump the help text on the unsuspecting user, but give a short error message: $ gocryptfs -foobar flag provided but not defined: -foobar Invalid command line: gocryptfs -foobar. Try 'gocryptfs -help'. For comparison: This is what cp does: $ cp --foo cp: unrecognized option '--foo' Try 'cp --help' for more information. And this what we used to do: $ gocryptfs -foobar flag provided but not defined: -foobar gocryptfs v1.4.4-45-gfb772da; go-fuse v20170619-35-gb16719c; 2018-06-08 go1.10.2 Usage: gocryptfs -init|-passwd|-info [OPTIONS] CIPHERDIR or gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT Common Options (use -hh to show all): -aessiv Use AES-SIV encryption (with -init) -allow_other Allow other users to access the mount -config Custom path to config file -ctlsock Create control socket at location -extpass Call external program to prompt for the password -fg Stay in the foreground -fusedebug Debug FUSE calls -h, -help This short help text -hh Long help text with all options -init Initialize encrypted directory -info Display information about encrypted directory -masterkey Mount with explicit master key instead of password -nonempty Allow mounting over non-empty directory -nosyslog Do not redirect log messages to syslog -passfile Read password from file -passwd Change password -plaintextnames Do not encrypt file names (with -init) -q, -quiet Silence informational messages -reverse Enable reverse mode -ro Mount read-only -speed Run crypto speed test -version Print version information -- Stop option parsing You passed: "-foobar" flag provided but not defined: -foobar 2018-06-07T21:09:27+00:00 Jakob Unterwurzacher 2018-06-07T21:06:03+00:00 urn:sha1:fb772da6975eec186161fb00ededc2aef43f9eb9 On Linux, where /proc exists, this makes sure that we are executing ourselves again, and not some other copy of the gocryptfs executable. This usually does not matter, but mount(1) unsets $PATH and sets argv[0] to just "gocryptfs". 2018-06-07T20:57:57+00:00 Julian Orth 2018-05-06T16:08:30+00:00 urn:sha1:10212d791a3196c2c8705a7a3cccdeb14a8efdbe mount(1) unsets PATH before calling mount.fuse. Therefore it's not set in gocrpytfs either and daemonization fails if gocryptfs was not executed via an absolute path. mount.fuse handles this by leaving the execution of the helper to /bin/sh. /bin/sh handles an empty PATH by searching a few default locations. This patch sets the PATH to a sane default if it's empty or unset. 2018-06-07T20:50:30+00:00 Jakob Unterwurzacher 2018-06-07T20:50:30+00:00 urn:sha1:53d6a9999dd0e4c31636d16179f284fff35a35d9 When mounted via /etc/fstab like this, /a /b fuse.gocryptfs default 0 0 we always get extra options passed. As reported by @mahkoh at https://github.com/rfjakob/gocryptfs/pull/233 : mount passes `-o noexec` if `-o user` is set and `-o exec` is not set. If both `-o user` and `-o exec` are set, it passes `-o exec`. Make these options work, and in addtion, also make -suid and -rw work the same way. Reported-by: @mahkoh 2018-06-05T19:02:35+00:00 Jakob Unterwurzacher 2018-06-05T19:02:35+00:00 urn:sha1:e29a81efc3df88b451a4a9464724a952d97b4115 By returning an error instead of calling os.Exit, error cases can be tested easily. Error cases were not tested until now. 2018-05-27T19:39:40+00:00 Jakob Unterwurzacher 2018-05-27T19:39:25+00:00 urn:sha1:98aa9cb1768985b5f4dff33eebf1bc0ebd4a90b3 We need LGet support from the newest release.